
"“As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions,” Kim said. “Because the responsible disclosure schedule and embargo have been broken, no patches exist for any distribution.”"
"“Dirty Frag works by chaining together two separate Linux kernel flaws. One sits in the xfrm-ESP subsystem and dates back to a January 2017 kernel commit, according to Kim, while the second vulnerability affects RxRPC functionality introduced in 2023.”"
"“Together, the two bugs allegedly let unprivileged local users overwrite protected files in memory and claw their way to root. A long list of distributions in the firing line, according to Kim, including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, Fedora, AlmaLinux, and openSUSE Tumbleweed.”"
"“Separately, researchers appear to have independently reverse-engineered part of the bug chain from a publicly visible kernel fix commit before the embargo expired, adding to the disclosure mess already surrounding the flaw. One GitHub project titled ‘Copy Fail 2: Electric Boogaloo’ claims to weaponize the ESP/xfrm side of the issue separately from Kim's full Dirty Frag chain.”"
Dirty Frag is a local privilege escalation vulnerability affecting all major Linux distributions. It enables unprivileged local users to overwrite protected files in memory and gain immediate root privileges. The flaw chains two separate kernel issues: one in the xfrm-ESP subsystem dating to a January 2017 kernel commit, and another affecting RxRPC functionality introduced in 2023. The disclosure process was disrupted by a broken embargo, leaving no patches and no CVE available for any distribution. Reported targets include Ubuntu, Red Hat Enterprise Linux, CentOS Stream, Fedora, AlmaLinux, and openSUSE Tumbleweed. Public exploit availability and independent reverse engineering of parts of the chain increased exposure.
#linux-kernel #local-privilege-escalation #security-vulnerabilities #privilege-escalation-exploits #responsible-disclosure
Read at theregister